Yeah as was said yesterday to Bruno as well focus on the lab version 12.4T
has it but not 12.4(15)T

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

Mailto:  <mailto:[email protected]> [email protected]

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit:  <http://www.ipexpert.com/chat>
www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
<http://www.ipexpert.com/communities> www.ipexpert.com/communities and our
public website at  <http://www.ipexpert.com/> www.ipexpert.com

 

From: Kingsley Charles [mailto:[email protected]] 
Sent: Wednesday, October 13, 2010 4:01 AM
To: Tyson Scott
Cc: Carlos Jardim; CCIE Security Maillist
Subject: Re: [OSL | CCIE_Security] MATCH-ALL keyword

 

Yes Tyson.

It's not there in 12.4(15)T13 but I can see it in 15.0(1)M1. So it should
have come sometime after 15T.

But the lab is based on 12.4(15)T right?


With regards
Kings

On Wed, Oct 13, 2010 at 11:20 AM, Tyson Scott <[email protected]> wrote:

Kingsley,

 

It all depends on version

 

R1(config)#class-map type inspect smtp match-all TEST

R1(config-cmap)#match ?

  body         ESMTP body

  cmd          ESMTP command verb 

  data-length  Specify data transfer length per session

  header       ESMTP header

  mime         ESMTP mime

  recipient    ESMTP recipient

  reply        ESMTP reply

  sender       ESMTP sender

 

R1(config-cmap)#match

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

Mailto: [email protected]

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit: www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com
<http://www.ipexpert.com/> 

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Kingsley
Charles
Sent: Wednesday, October 13, 2010 1:21 AM
To: Carlos Jardim
Cc: CCIE Security Maillist
Subject: Re: [OSL | CCIE_Security] MATCH-ALL keyword

 

That's because you have only one match criteria for smtp class map.. If you
add another "match data-length" that will overwrite the existing one.

router1(config)#class-map type inspect smtp match-any king
router1(config-cmap)#?
Class-map configuration commands:
  description  Class-Map description
  exit         Exit from class-map configuration mode
  match        classification criteria
  no           Negate or set default values of a command
  rename       Rename this class-map

router1(config-cmap)#mat
router1(config-cmap)#match ?
  data-length  Specify data transfer length per session





With regards
Kings

On Wed, Oct 13, 2010 at 9:15 AM, Carlos Jardim <[email protected]>
wrote:

All,

 

I am trying the following.. could you guys tell me where my mistake is..
first time I did this lab (Yusuf1) it was ok.. but now I don't understand
why it's not working.. 

 

 

parameter-map type regex ABCD

 pattern [email protected]

!

access-list 111 permit ip any any

!

class-map type inspect match-all CM_CENTRAL_REMOTE

 match access-group 111

!

policy-map type inspect central_remote

 class type inspect CM_CENTRAL_REMOTE

  inspect

 class class-default

!

(...)

!

class-map type inspect match-any HTTP

 match protocol http

!

class-map type inspect match-any OTHER

 match protocol telnet

 match protocol ssh

!

class-map type inspect match-all CM_ICMP

 match protocol icmp

!

class-map type inspect match-all CM_SMTP

 match protocol smtp

!

!

class-map type inspect http match-any L7CM_HTTP

 match  request port-misuse tunneling

!

policy-map type inspect http L7PM_HTTP

 class type inspect http L7CM_HTTP

  reset

!

! 

!

class-map type inspect smtp ?

  WORD       class-map name

  match-any  Logical-OR all matching statements under this classmap

!

!

 

****** at this point I don't have "MATCH-ALL" keyword available. I just
wanted to add another match sentence inside this class-map (match sender
address regex ABCD). *******

 

 

policy-map type inspect remote_central

 class type inspect CM_ICMP

  inspect

  police rate 20000 burst 2000

 class type inspect OTHER

  inspect

 class type inspect CM_SMTP

  inspect

 class type inspect HTTP

  inspect

  service-policy http L7PM_HTTP

!

!

!

 

 

****** configuring this class-map with match-any I can't use a second match
as expected ******

 

R5(config-cmap)#class-map type inspect smtp match-any L7CM_SMTP

R5(config-cmap)#match ?

  data-length  Specify data transfer length per session

 

****** data-length appears as the only one option *******

 

 

Thanks a lot;

Carlos

 


 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com

 

 

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to